Hello community,

here is the log from the commit of package libxml2 for openSUSE:Factory checked 
in at 2013-04-20 17:49:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxml2 (Old)
 and      /work/SRC/openSUSE:Factory/.libxml2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libxml2", Maintainer is "vci...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes  2013-03-22 
11:56:16.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libxml2.new/libxml2.changes     2013-04-20 
17:49:24.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Apr 18 14:07:49 UTC 2013 - vci...@suse.com
+
+- fix for CVE-2013-1969 (bnc#815665)
+  * libxml2-CVE-2013-1969.patch
+
+-------------------------------------------------------------------

New:
----
  libxml2-CVE-2013-1969.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libxml2.spec ++++++
--- /var/tmp/diff_new_pack.8fzHuX/_old  2013-04-20 17:49:26.000000000 +0200
+++ /var/tmp/diff_new_pack.8fzHuX/_new  2013-04-20 17:49:26.000000000 +0200
@@ -32,6 +32,7 @@
 # PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334)
 Patch1:         libxml2-2.9.0-CVE-2012-5134.patch
 Patch4:         
libxml2-CVE-2013-0338-Detect-excessive-entities-expansion-upon-replacement.patch
+Patch5:         libxml2-CVE-2013-1969.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
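Review bot: The new `Patch5` line has no tag comment above it, unlike `Patch1`, which is preceded by `# PATCH-FIX-UPSTREAM CVE-2012-5134 (bnc#793334)`. Adding `# PATCH-FIX-UPSTREAM CVE-2013-1969 (bnc#815665)` directly above `Patch5:` would keep the CVE and bug reference next to the patch entry. Someone auditing the spec could then tell which fix each patch carries without cross-reading the changelog.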
@@ -128,6 +129,7 @@
 %patch0
 %patch1 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 %configure --disable-static \

++++++ libxml2-CVE-2013-1969.patch ++++++
>From de0cc20c29cb3f056062925395e0f68d2250a46f Mon Sep 17 00:00:00 2001
From: Daniel Veillard <veill...@redhat.com>
Date: Tue, 12 Feb 2013 08:55:34 +0000
Subject: Fix some buffer conversion issues

https://bugzilla.gnome.org/show_bug.cgi?id=690202

Buffer overflow errors originating from xmlBufGetInputBase in 2.9.0
The pointers from the context input were not properly reset after
that call which can do reallocations.
---
diff --git a/HTMLparser.c b/HTMLparser.c
index a533f37..6b83654 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -6054,6 +6054,8 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, 
int size,
            if ((in->encoder != NULL) && (in->buffer != NULL) &&
                    (in->raw != NULL)) {
                int nbchars;
+               size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
+               size_t current = ctxt->input->cur - ctxt->input->base;
 
                nbchars = xmlCharEncInput(in);
                if (nbchars < 0) {
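Review bot: Nothing at the two added declarations says why `base` and `current` are captured before `xmlCharEncInput(in)` is called. The commit message gives reallocation of the buffer as the reason, and that ordering constraint is easy to break in a later edit. A short comment above them would record it, for example `/* xmlCharEncInput() may reallocate in->buffer: save offsets, not pointers, and rebase ctxt->input afterwards */`. The same comment fits the matching declarations added in parser.c (hunks `@@ -12143,6 +12143,8 @@` and `@@ -12190,7 +12193,14 @@`). The enclosing `if` block continues past the end of this hunk.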
@@ -6061,6 +6063,7 @@ htmlParseChunk(htmlParserCtxtPtr ctxt, const char *chunk, 
int size,
                                 "encoder error\n", NULL, NULL);
                    return(XML_ERR_INVALID_ENCODING);
                }
+               xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
            }
        }
     }
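Review bot: The encoder-error path returns `XML_ERR_INVALID_ENCODING` before the added `xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);` runs, so `ctxt->input->base` and `ctxt->input->cur` are rebased only on success. If `xmlCharEncInput()` can grow or move the buffer before it reports a failure (not visible here), the context keeps the old pointers, and a caller that goes on using the context after the error would read through them. Moving the rebase to directly after `nbchars = xmlCharEncInput(in);`, ahead of the `if (nbchars < 0)` test, would cover both paths. The same ordering appears in the parser.c hunk `@@ -12151,6 +12153,7 @@`. The function starts outside this hunk.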
diff --git a/parser.c b/parser.c
index 31f90d6..1c99051 100644
--- a/parser.c
+++ b/parser.c
@@ -12126,7 +12126,7 @@ xmldecl_done:
                 remain = 0;
             }
         }
-       res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
+       res = xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
        if (res < 0) {
            ctxt->errNo = XML_PARSER_EOF;
            ctxt->disableSAX = 1;
@@ -12143,6 +12143,8 @@ xmldecl_done:
            if ((in->encoder != NULL) && (in->buffer != NULL) &&
                    (in->raw != NULL)) {
                int nbchars;
+               size_t base = xmlBufGetInputBase(in->buffer, ctxt->input);
+               size_t current = ctxt->input->cur - ctxt->input->base;
 
                nbchars = xmlCharEncInput(in);
                if (nbchars < 0) {
@@ -12151,6 +12153,7 @@ xmldecl_done:
                                    "xmlParseChunk: encoder error\n");
                    return(XML_ERR_INVALID_ENCODING);
                }
+               xmlBufSetInputBaseCur(in->buffer, ctxt->input, base, current);
            }
        }
     }
@@ -12190,7 +12193,14 @@ xmldecl_done:
     }
     if ((end_in_lf == 1) && (ctxt->input != NULL) &&
         (ctxt->input->buf != NULL)) {
+       size_t base = xmlBufGetInputBase(ctxt->input->buf->buffer,
+                                        ctxt->input);
+       size_t current = ctxt->input->cur - ctxt->input->base;
+
        xmlParserInputBufferPush(ctxt->input->buf, 1, "\r");
+
+       xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input,
+                             base, current);
     }
     if (terminate) {
        /*
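Review bot: The return value of `xmlParserInputBufferPush(ctxt->input->buf, 1, "\r")` is discarded, while the push in hunk `@@ -12126,7 +12126,7 @@` treats `res < 0` as fatal and sets `ctxt->errNo` and `ctxt->disableSAX`. The added rebase follows the call unconditionally, so a failed push goes unnoticed and parsing continues on whatever state the buffer was left in. Consider capturing the result, e.g. `res = xmlParserInputBufferPush(ctxt->input->buf, 1, "\r");` (assuming `res` is still in scope at this point), and handling `res < 0` after the rebase in the same way as the earlier call. The surrounding function begins and ends outside the hunk.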
--
cgit v0.9.1
